When the NBAR engine generates a block based on a configured Layer 7 Firewall rule, the Dashboard event log is populated with events that look like the following example:
When looking at such an event, there are two key details that can be referenced to determine why the block occurred:
Classification: this value indicates the rule configured on Dashboard that triggered the block.
NBAR ID: this value indicates the internal rule the NBAR engine matched the traffic to, based on specific factors within the Layer 7 (Application) payload in the packet(s) in question.
NOTE: DNS traffic (TCP/UDP Port 53) may also get blocked by Layer 7 rules if it contains a query for a domain the rule in question covers.
For example, you may see a block on UDP port 53 classified as "abc.com" if the "All News" rule is configured on Dashboard, and a user device sends a DNS query for said domain.
Clicking on the buttons under each category will display a table that maps which rule IDs NBAR will start blocking on when the corresponding rule is configured in Dashboard.
NOTE: Each category also has an "all" rule on Dashboard (e.g. All Advertising) that will apply every individual rule under it when configured.
Advertising
Rule/Classification Name
Logged NBAR ID
Advertising.com
3063
AppNexus
2619
Brightroll
3058
Google advertising
2572
LKQD
3415
OpenX
3086
Adcash
1064
Backpage.com
1690
DoubleVerify
2014
Integral Ad Science
2031
moatads
3060
mopub
2043
Outbrain
2566
Pubmatic
2053
SpringServe
2759
Blogging
Rule/Classification Name
Logged NBAR ID
Blogger
1461
WordPress
3444
Ameba
2625
Destructoid
1654
FC2
2519
Jimdo
2678
Sina Weibo
256
Tianya
2602
TypePad
2719
Business Management
Rule/Classification Name
Logged NBAR ID
Deltek Axium
2636
IFS
2783
Microsoft Dynamics 365
1443
NetSuite
1187
Priority ERP
2635
salesforce.com
1444
SugarCRM
1196
Workday
1186
Concur
1182
Intacct
2679
IQMS
2616
SICOM Restaurant Management
2806
Databases & Cloud Services
Rule/Classification Name
Logged NBAR ID
Azure
1445
IBM Cloud
3382
SAP Cloud Platform
3092
Amazon Cloudfront
1249
Amazon S3
1248
Amazon Web Services
2542
Microsoft Windows Azure
1445
SAP Cloud Platform
3092
IBM-DB2
270
IBM Informix SQL Interface
1043
Amazon RDS
2740
Amazon Redshift
2796
Cassandra
2768
dBase
1114
DB service
2756
DDM Distributed File management
362
DDM-Remote Relational Database Access
1361
Domino Domain Monitor database - Remote DB Access Using Secure Sockets
363
GDS DataBase
1343
Ingres/Net
1163
Microsoft OLAP
686
Microsoft SQL Monitor
685
Microsoft SQL Server
25
mongo
1751
mySQL
711
oracle
1692
Oracle Business Intelligence
1359
Oracle coauthor
693
Oracle Names
695
Oracle Net8 Cman
696
Oracle Net8 CMan Admin
1697
Oracle Remote Data Base
694
Oracle TCP/IP Listener
1089
Plus Fives MUMPS
1032
postgresql
1361
REAL SQL Server
1988
Remote Database Access
1539
SAP Hana
331
Sqli
2149
SQLNet
1051
SQL-NET
1978
SQL*NET
2425
SQL Service
1684
Sybase
2390
VVPS-Qua
580
Z39.50
1108
Health Care
Rule/Classification Name
Logged NBAR ID
Allscripts
3416
Cerner
3122
McKesson
3032
CureMD
2011
Digital Imaging and Communications in Medicine
1076
Epic EHR
3219
GE Healthcare
2827
Health Level 7
1073
Email
Rule/Classification Name
Logged NBAR ID
Host-based email (POP3/IMAP/SMTP)
17
Hotmail
1446
Internet Message Access Protocol over TLS/SSL
3286
Rackspace Hosted Exchange
2634
Simple Mail Transfer Protocol
2649
Web based email
1754
Windows Live Hotmail and Outlook
1484
Yahoo Mail
1462
Aweber
2658
bmpp
541
Eudora Set
506
Gmail
1073
GMX Mail
1591
Groupwise
2347
Hotmail Email Services
1446
IBM Lotus Notes
1470
Interactive Mail Support Protocol
321
Internet Message Access Protocol version 4
17
MailChimp
2580
MAILQ
1019
Mail.ru
1553
Mail Service
1754
Mail Submission Agent
501
Messaging Application Programming Interface
1078
Microsoft Exchange
49
MS Exchange Routing
1599
Netix Message Posting Protocol
1115
NI MAIL
1938
On-Demand Mail Relay
282
Outlook Web Service
1484
Post Office Protocol 3
1033
Post Office Protocol 3 over TLS
1034
Post Office Protocol - Version 2
980
Quick Mail Queuing Protocol
1537
Quick Mail Transfer Protocol
2107
Remote Mail Checking Protocol
1930
Secure Simple Mail Transfer Protocol
1507
SEND
1907
XNS mail
937
Yahoo! Mail
1462
File Sharing
Rule/Classification Name
Logged NBAR ID
Apple file sharing
1327
File Transfer Protocol
17
Financial Information eXchange
2825
Mega
2959
Microsoft-DS
1588
Microsoft OneDrive
1499
Windows file sharing
80
AOL Instant Messenger File Transfer
2438
Box
1074
Common Internet File System
80
Dropbox
1485
File Transfer [Default Data]
909
ftp protocol control over TLS/SSL
1044
Globus GridFTP
2313
Google Docs\Drive
1458
Google Talk File Transfer
2201
Grid FTP
2309
Hangouts File Transfer
2092
Microsoft SkyDrive
1499
Multisource File Transfer Protocol
265
NetApp SnapMirror
2293
Network File System
1027
NI FTP
1927
OSCAR File Transfer
2448
PFTP
1570
Prospero Directory Service
1035
PutLocker.com
2054
RemoteFS
471
rsync
659
SCSI on ST
2138
Secure FTP Data
1668
Sender-Initiated/Unsolicited File Transfer
1517
Simple Asynchronous File Transfer
401
Simple File Transfer Protocol
1985
Softros LAN Messenger and File Transfer
2365
Trivial File Transfer Protocol
1048
TusFiles
1058
UUCP Path Service
987
Gaming
Rule/Classification Name
Logged NBAR ID
IGN
2809
PlayStation
1702
World of Warcraft
85
Xbox LIVE
1707
Battle.net
3274
Big Fish Games
3377
Blizzard
2007
BNet
1330
Call of Duty
1377
DirectPlay
716
DirectPlay8
1717
DOOM
1099
GameSpot
2974
Game-spy Online Gaming
1349
GREE
2536
IPX network emulator for DOS and Windows
718
Maplestory
2086
Miniclip
2040
Parsec Gameserver
744
Playstation.com
1702
Playstation Store
2192
pogo.com
2564
QQ-Games
2509
Secondlife
1041
Steam
1401
TeamSound
2391
Xbox Live
1707
Xfire Instant Messaging Service
1371
Zynga
2070
Video & Music
Rule/Classification Name
Logged NBAR ID
BBC iPlayer
3178
Flash Video
6
hulu.com
1317
megavideo.com
1318
Netflix
1316
YouTube
82
AirPlay
1483
Amazon Instant Video
1541
Apple QuickTime
1092
Baidu Movie
1043
blip.tv
122
BrightTalk
1170
Dailymotion
169
DirecTV Data Catalog
723
DirecTV Webcasting
1720
Disney
1687
Flash Yahoo
118
Food Network
1688
Google Video
20
Gyao
2164
HBO GO
2023
Hulu
1317
iTunes Media
1075
iTunes-video
2511
KeyHoleTV
1530
LeTV
2701
LiveStation
2405
Microsoft Stream
2255
Miscellaneous video
127
MPEG-2 Transport Stream
1549
Niconico
1535
PPstream
698
PPTV
1673
Public Broadcasting Service
1730
QQLive
2476
Real Data Transport
2363
RealMedia Traffic
1442
Real Time Messaging Protocol Encrypted
2416
Real Time Messaging Protocol Tunneled
1420
Sling
1892
SopCast
1116
TED
2698
Tudou
2559
TwitchTV
1577
ustream.tv
72
VDOLive
1050
Vimeo
1168
Windows Media
53
Xfinity TV
170
Xunlei Kankan
2472
Youku
2546
Youtube
82
Zattoo
115
iTunes
461
Pandora
1451
Rhapsody
1418
Spotify
1165
grooveshark.com
143
iTunes-audio
1510
Kuro
801
last.fm
70
Miscellaneous audio
128
MTV
2193
Napster
1462
Pandora Internet Radio
1451
rdio.com
141
SHOUTcast Internet Radio
1478
Soribada
842
soundcloud.com
142
News
Rule/Classification Name
Logged NBAR ID
ABC News
1651
CNN
1167
Gizmodo
1618
MSN
2888
New York Times
1558
sina.com.cn
3446
TechCrunch
3475
turner.com
3375
ABC
1651
BBC
2464
Business Insider
2582
BuzzFeed
1555
CBS
1685
CNBC
2686
CNET
2574
Daily Mail
2562
Drudge Report
2675
E! Online
1653
Feedly
1581
Fox News
1588
Indiatimes
2561
msn.com
2888
NBC News
1649
NY Daily News
1661
Patch.com
1694
People.com
2673
Rediff.com
1601
Reuters
1621
SFGate
2704
Sky.com
1714
The Atlantic
2706
The Blaze
1703
The Daily Beast
1717
The Hollywood Reporter
1718
The Huffington Post
1557
The New York Times
1558
The Telegraph
1595
The Washington Post
2585
The Xinhuanet
1539
TMZ
1631
UOL
2556
USA Today
2609
Wall Street Journal
1598
Online Backup
Rule/Classification Name
Logged NBAR ID
IBackup
2838
iCloud
1501
Backblaze
2628
Backup service
2757
Carbonite
2009
Connected Backup
2544
Crashplan
1749
Mozy
3192
NovaStor Backup
2148
Tobit David Replica
1140
Yosemite Tech Tapeware
1372
Peer-to-peer
Rule/Classification Name
Logged NBAR ID
BitTorrent
69
DC++
70
eDonkey
67
Encrypted P2P
1889
Kazaa
59
Winny
2801
Ares
1502
BitTorrent Networking
1477
Direct Connect
70
Distributed Hash Table
886
eDonkey Static
2333
Encrypted Bittorrent
1206
Encrypted eMule (eDonkey and Kademlia)
885
FastTrack
1322
Filetopia
1432
Gnutella
58
GoBoogy
1345
Konspire2b
2190
Manolito
383
networking-gnutella
358
Pando
1049
Perfect Dark
2517
poco
700
Share
1515
Soulseek
431
Tomatopang
2093
Waste
574
Webthunder
2055
WinMX
1068
xunlei
1471
Social Web & Photo Sharing
Rule/Classification Name
Logged NBAR ID
Flickr
1570
ImageShack
2992
Imgur
2616
imgur.com
292
photobucket.com
2649
Picasa
1459
smugmug
2946
Shutterstock
2592
theCHIVE
257
Facebook
1454
img.ly
2512
Line
1512
Pinterest
1682
Snapchat
1242
Yahoo Messenger
1586
Yelp
2979
Badoo
2614
Douban
2568
Facebook Audio Streaming
2063
Facebook Media Streaming
2070
Facebook Video Streaming
2065
Google+
1457
Google Talk
2030
Google Talk Chat
1324
Hangouts
1087
Hangouts Audio
2090
Hangouts Chat
2091
HootSuite
1597
ICQ
1902
imgur
154
Instagram
1537
IP Messenger
1326
Jabber
1038
Kakao-Services
2522
Kakao-Talk
2518
LinkedIn
1463
Mashable
2587
Mixi
1531
MySpace
3378
QQ Instant Messenger
2508
Tagged
1726
Taringa
2715
tumblr
1241
twitpic
155
Twitter
1453
VKontakte
2047
WeChat
1037
WhatsApp
2488
yfrog
153
Productivity
Rule/Classification Name
Logged NBAR ID
Office 365
1431
SAP
2992
Sharepoint
1417
Slack
1217
Virtual Network Computing
1618
Active Directory
2194
ActiveSync
1419
Adobe Creative Cloud
251
Amazon EC2
2247
Atlassian
2699
Automatic Data Processing
1185
Bitbucket
1676
Cisco SD-WAN IPSec
1262
Computer Resources Sharing Application
1367
Control And Provisioning of Wireless Access Points Data Protocol
1325
Coursera
1695
DameWare Mini Remote Control
2481
Demandware
2189
Distributed Compiler
2340
Evernote
1617
freshdesk.com
3458
GitHub
2554
iPass
2007
iPerf
335
Jira
1179
mDNS
1244
Microsoft CRM Dynamics Online
1443
Microsoft Office 365
1431
Microsoft Office Web Applications
2500
Microsoft Windows Live Services Authentication
2434
Mikogo
2450
MindTouch
2245
Mozilla
2983
Netsuite
1187
OpenVPN
2314
Oracle
2184
Oracle E-Business Suite - Un-encrypted Traffic
2452
PDL data streaming port
2384
Pearson Education
2739
Perforce
2415
Pocket
1731
Prezi
1263
Rational ClearCase
1091
remote access and desktop sharing
1430
Remote Desktop Protocol
1689
Salesforce CRM
1444
SharePoint
1417
Siebel CRM
2174
Simphony.NET
2058
Siri
2096
Slack Media
2218
Stack Overflow
264
Timbaktu Remote Control Software
1322
Ubuntu
3286
Vmware Vmotion
2429
VMware vSphere
1538
VNC over HTTP
1414
Windows Live Office
138
X-Windows Remote Access
1045
Zendesk
2615
Zoho Services
2183
Remote monitoring & management
Rule/Classification Name
Logged NBAR ID
Remote desktop
100
Apple Remote Desktop
2475
auvik
3425
Citrix Audio
2548
Citrix ICA
179
Citrix Online
6
Citrix Static
1433
GotoDevice
1346
Gotomypc
2435
LogMeIn
1455
Marconet
2036
MyRMM
3270
PCoIP
2427
Remote Admin
2362
Sflow Traffic Monitoring
1364
showmypc
2468
Vmware View
1426
Security
Rule/Classification Name
Logged NBAR ID
avast
1017
Cisco Cognitive Threat Analytics
395
Cisco Stealthwatch
340
cisco umbrella
1211
DigiCert
2013
McAfee Antivirus
1031
Software & anti-virus updates
Rule/Classification Name
Logged NBAR ID
Antivirus updates
1031
Software updates
1095
adobe updates
2709
Android Updates
1526
Apple App Store
2527
Apple iOS updates
1525
AppleTV updates
2532
Apple Updates
1095
Avast Antivirus
1017
bitdefender
3691
eset
3083
Google Downloads Services
1081
Google Play
2528
Java Update
2646
kaspersky
3203
MAC OS X updates
1524
McAfee AutoUpdate
1354
Microsoft Windows Store
1529
Microsoft Windows Update Service
1432
sophos
3264
symantec
4459
webrootcloudav.com
3461
Sports
Rule/Classification Name
Logged NBAR ID
CBS Sports
1679
ESPN
1486
mlb.com
1684
nhl.com
1691
Bleacher Report
2606
ESPN video streaming
1487
ESPN web browsing
1486
foxsports.com
2017
NHL.com
1691
Nike
1664
Official Major League Baseball
1684
VoIP & video conferencing
Rule/Classification Name
Logged NBAR ID
Dropcam
3230
H.323
3377
Internet Security Association and Key Management Protocol
3444
Real Time Streaming Protocol
2983
Real-time Transport Protocol
2809
SCCP (Skinny Call Control Protocol)
63
Session Initiation Protocol
2823
SIP (Voice)
65
Skinny Call Control Protocol
2974
Skype
83
WebEx
1479
AOL Instant Messenger Audio
1436
AOL Instant Messenger Video
2437
Audio Over HTTP
120
Cisco Collaboration Audio
2759
Cisco Collaboration Control
2764
Cisco Collaboration Media
2740
Cisco Collaboration Video
1762
Cisco Digital Media Player
1422
Cisco IP Camera
2315
Cisco IP SLA
2076
Cisco Jabber Audio
1494
Cisco Jabber Control
1498
Cisco Jabber IM
2493
Cisco Jabber Video
1495
Cisco Media Audio
2746
Cisco Media Video
2747
Cisco NAC
1334
Cisco Phone
81
Cisco Phone Audio
1551
Cisco Phone Control
1763
Cisco Phone Media
2745
Cisco Phone Video
1552
cisco smart probe
1207
Cisco Spark
2741
Cisco Spark Audio
2050
Cisco Spark Media
2051
Cisco Spark Video
1048
Cisco TV
2176
Conferencing
2753
Conferencing Server
1748
CRYPTOAdmin
1533
Entrust Key Management Service Handler
612
Facetime
1469
Google Services Audio
1061
Google Services Media
1071
Google Services Video
2062
Google Talk Video
2403
Google Talk Voice
2198
GoToMeeting
1166
H.225
1172
H.245
2173
Hangouts Media
1088
Hangouts Video
2089
Inter-Asterisk eXchange
2329
Internet video conference system
12
Jabber Audio
1045
Jabber Video
2046
Jive Software
1191
Lifesize
1215
Media Gateway Control Protocol
1062
Microsoft Teams
1208
MS Teams App Sharing
2260
MS Teams Audio
2214
MS Teams Media
2213
MS Teams Video
1209
Philips Video-Conferencing
1497
Real-Time Transport Control Protocol
1066
Real-time Transport Protocol Audio
1503
Real-time Transport Protocol Video
2504
RingCentral
1188
Ringcentral Audio
1256
Ringcentral Control
1259
Ringcentral Media
2257
Ringcentral Video
1258
RTSPS
1881
Secure Data Network System Key Management Protocol
1473
Secure SIP
1428
Skype for Business (MS-Lync)
2466
Skype for Business (MS-Lync) Audio
1496
Skype for Business (MS-Lync) Control
2059
Skype for Business (MS-Lync) Video
1497
Teamspeak
1072
Telepresence Audio
1758
Telepresence Control
1114
Telepresence Media
1113
Ventrilo
1069
Viber
2320
Video Over HTTP
1122
Vocera
140
Web conferencing solution for web meetings
2441
Webex Application Sharing
2480
Webex Audio
2251
WebEx Control
1082
Webex Media
1479
WebEx Meeting
1306
Webex Video
2250
WebRTC
1054
WebRTC Audio
2056
WebRTC Video
2057
Wi-Fi Calling
1736
Windows Live Messenger Video
1216
Yahoo Messenger Video
2533
Yahoo VoIP Messenger
674
Yahoo VoIP over SIP
1195
Zoom Meetings
2130
Web File sharing
Rule/Classification Name
Logged NBAR ID
Binary over HTTP
121
thepiratebay.org
1584
torrentz.com
1586
4shared.com
80
download.com
58
Easynews
137
easyshare.com
48
filefactory.com
52
filefront.com
53
filer.com
56
filestube.com
79
gigeshare.com
3213
hotfile.com
81
massmirror.com
55
mediafire.com
83
megashare.com
49
megaupload.com
76
RapidShare
78
rapidshare.com
47
SourceForge
2200
The Pirate Bay
1584
Torrentz
1586
ultrashare.de
2765
upload.com
57
WeTransfer
1642
Zippyshare
2652
zshare.net
82
Web payments
Rule/Classification Name
Logged NBAR ID
Intuit
1594
Lightspeed Retail POS
3208
LivePOS
2739
PayPal
261
ShopKeep
3104
Square
2805
Stripe
3298
Apple Pay
2117
Bitcoin
1125
Mondex
385
PayU
2049
Additional Notes
These rules are subject to change over time with additional firmware updates. Any noted disparities after an update should be reported to Meraki Support for investigation, and revision in this document if needed.
DO NOT MODIFY THIS DIV, OR ANYTHING IN THE SCRIPT AND STYLE BLOCKS AFTER IT! This is a purposefully empty div that we need so javascript can properly hide and display the elements on this page!
